DPA

Data Processing Addendum

Perkli processes protected customer data on behalf of merchants only to provide and secure app functionality.

Last updated: July 15, 2026

Roles

For customer personal data that a merchant makes available through Shopify, the merchant is typically the controller or business and Perkli is typically the processor or service provider.

Perkli processes that data only on documented merchant instructions, including instructions reflected in the app configuration, Shopify APIs, App Store Listing, and applicable agreements.

Processing purposes

Perkli processes customer personal data to provide loyalty wallet functionality, ledger entries, rewards, referrals, store-credit workflows, cashback campaigns, VIP tiers, analytics, support, security, billing, auditability, and compliance.

Perkli does not process protected customer data for unrelated advertising, data sale, or unrelated third-party enrichment.

Minimum data

Perkli requests only the protected customer fields needed for the app value merchants enable. The initial production access target is customer name and email, plus Shopify identifiers and order/refund references needed to maintain the wallet ledger.

Phone numbers and addresses should remain out of scope unless a future feature creates a clear merchant value that cannot be delivered with less sensitive data.

Confidentiality and access

Perkli limits staff access to customer personal data to authorized personnel with a business need, uses strong authentication practices, and expects personnel to handle personal data confidentially.

Access to production systems is intended to be logged and reviewed according to Perkli's operational security procedures.

Subprocessors

Perkli may use subprocessors to host, secure, monitor, support, email, and operate the app. Subprocessors must process data only for authorized service purposes.

The current subprocessor register is published on the Subprocessors page and should be kept current before App Store submission and production launch.

Deletion and assistance

Perkli will provide reasonable assistance to merchants for privacy requests, deletion requests, access requests, and security inquiries related to customer data processed by Perkli.

When a merchant uninstalls Perkli or submits a verified deletion request, Perkli deletes or de-identifies covered data according to the retention schedule unless a legal or security exception applies.

Questions about this page? Contact Perkli privacy support.